CVE-2025-64119
Unknown
Unknown - Not Provided
Authentication Bypass in Nuvation Battery Management System
Publication date: 2026-01-02
Last updated on: 2026-01-02
Assigner: Dragos, Inc.
Description
Description
A vulnerability in Nuvation Battery Management System allows Authentication Bypass.This issue affects Battery Management System: through 2.3.9.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nuvation | battery_management_system | to 2.3.9 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-603 | A client/server product performs authentication within client code but not in server code, allowing server-side authentication to be bypassed via a modified client that omits the authentication check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Nuvation Battery Management System allows an attacker to bypass authentication, meaning they can gain unauthorized access to the system without proper credentials. It affects versions through 2.3.9.
How can this vulnerability impact me? :
By bypassing authentication, an attacker could gain unauthorized control or access to the Battery Management System, potentially leading to manipulation or disruption of battery operations, which could cause safety risks, operational failures, or data compromise.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70